Medical device suppliers stalling NHS upgrade to Windows 11

Exclusive: NHS migration to Microsoft Windows 11 is being stalled by medical device suppliers which have not upgraded to the operating system, Digital Health News has learned.

Since 14 October 2025, Microsoft Windows 10 has no longer received security updates, meaning that NHS organisations either had to upgrade outdated hardware or pay for Microsoft’s extended security update.

James Rawlinson, director of health informatics at The Rotherham NHS Foundation Trust, said that around 98% of the trust’s Windows estate has been upgraded to Windows 11 owing to “amazing work by our tech teams”.

The trust has upgraded around 7,000 devices in the last three years, with around 30-40% requiring new hardware, while the rest were in-place upgrades.

However Rawlinson said that 2% of the trust’s devices have not been upgraded because the current version of medical device suppliers’ software does not work in Windows 11.

One supplier quoted the trust £25,000 to upgrade a three-year-old device to make it Windows 11 compatible.

“We have some examples where we bought clinical and medical equipment and the manufacturer now says we have to buy it brand new even though it’s only three years old,” Rawlinson said.

“Part of their excuse is that they have to go through, and rightly, very stringent checks with the Medicines and Healthcare products Regulatory Agency for their software to interact with a physical piece of medical equipment.

“We want them to do that, but it still leaves a nasty taste in your mouth when you’ve spent £34,000 on a piece of equipment and then three years later, you’re going to spend it all again because they themselves just won’t upgrade to support Windows 11.

“Historically these medical equipment suppliers have provided end-to-end support for their software and equipment, but then suddenly say ‘It’s nothing to do with us, it’s up to your local IT to look after it, but don’t worry, you can buy extended support from Microsoft’. It just stinks,” he added.

The trust is isolating devices that have not been upgraded in a secure quarantined environment to minimise cyber risk while negotiating with suppliers to find a long-term solution.

Rawlinson said the issue was “worrisome” and compared it to driving a car without insurance.

“You just hope and pray that nothing untoward happens, but if it did we’d have to disconnect those devices from our data network, which would impact local care,” he said, adding that this could lead to issues such as a cardiology system not being able to read pacemakers.

Commenting on the issue, cyber security expert Saif Abed, founding partner at the AbedGraham Group, said it is “deeply concerning“ that trusts are being forced into higher risk exposure by suppliers.

“Without central support or coordinated pressure on vendors, the NHS is left absorbing the clinical, operational and security consequences of poor supply chain behaviour.

“If clinical IT suppliers are serious about cyber security and patient safety, they should have ensured their NHS customers could migrate to Windows 11 without incurring additional costs. This is a basic expectation of responsible software lifecycle management.”

Digital Health News contacted NHSE for comment.